Meh!
http://www.giric.com
I never remember useful things
Last updated: Fri, 28 Jun 2013 07:08:27 +0000

Importing missing apt keys
http://www.giric.com/2013/06/importing-missing-apt-keys/
Mon, 24 Jun 2013 07:24:26 +0000

This is another one where I get a mental blank. I know there is a way to import a new gpg key for apt, but I always have to look it up.

sudo apt-key adv --keyserver keys.gnupg.net --recv 886DDD89

And that is all there is to it. (Substitute your favourite keyserver and the correct key, obviously).
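
The key ID in the command above is a short, 8 hex digit ID, and a short ID does not identify a single key. As an added example (not from the original post), this shell function compares the full fingerprint of the imported key with one obtained from the key's owner; the function name, the listing and both fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a key's full fingerprint with the expected one.
# Input on stdin is a colon-format listing, e.g. from
#   gpg --with-colons --fingerprint KEYID
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not 40 hex digits.
fingerprint_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2   # a short ID is never enough
    # Field 10 of every "fpr" record (key or subkey) holds a fingerprint.
    awk -F: -v want="$expected" '
        $1 == "fpr" && $10 == want { found = 1 }
        END { exit !found }'
}

# Constructed listing, NOT a real key. Its fingerprint ends in the short ID
# used in the post, as any other key sharing that short ID also would.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF886DDD89:1250000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF886DDD89:
uid:-::::1250000000::::Constructed Example Key <key@example.invalid>:'

# Constructed "expected" value, as if read from the key owner's web site.
EXPECTED_FPR='0123 4567 89AB CDEF 0123 4567 89AB CDEF 886D DD89'

if printf '%s\n' "$SAMPLE_LISTING" | fingerprint_matches "$EXPECTED_FPR"; then
    echo "fingerprint matches"
else
    echo "fingerprint mismatch: do not trust this key"
fi
```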

using wireshark without root
http://www.giric.com/2013/04/using-wireshark-without-root/
Mon, 15 Apr 2013 20:29:32 +0000

Wireshark is a great and powerful tool, but for too long I’ve just been starting it as root, and ignoring the nag-screen that Debian keeps throwing at me. But it’s dead simple to do it the right way without root privileges.

All you need to do is reconfigure the package

sudo dpkg-reconfigure wireshark-common

and allow non-superusers to capture packets.

[Image: dpkg wireshark-common]

Finally, add yourself to the ‘wireshark’ group.

sudo adduser yourname wireshark

Remember to log out and back in for the group change to take effect.

adding users to groups
http://www.giric.com/2013/04/adding-users-to-groups/
Mon, 08 Apr 2013 16:25:03 +0000

It’s embarrassing. I just have a mental block when it comes to adding an existing user to an existing group.

sudo adduser user group

or to remove a user from a group

sudo deluser user group

Meh!

ipsec on a small LAN
http://www.giric.com/2013/03/ipsec-on-a-small-lan/
Thu, 28 Mar 2013 03:41:38 +0000

Most tutorials cover implementing IPsec as a VPN solution between two sites, but what if you want to secure communications on one site representing a not atypical home LAN with a couple of machines: some wireless, some Linux, some Android, some Windows, and a dual ipv6/ipv4 stack (courtesy of Hurricane Electric’s free TunnelBroker service)? And to make life more difficult, there are some devices that don’t support IPsec at all. Obviously, you need at least two IPsec capable machines for this to make much sense.

Does it work, and how well?

Linux

Well I run a weird mix of Debian, Ubuntu, and Raspbian machines at home for different purposes, but as they all have a common root the procedure is the same on each. First, we need to install the user space tools (and I’m using Racoon for automatic key exchange).

sudo apt-get install racoon ipsec-tools

and choose “Direct” configuration for racoon when asked. Using pre-shared keys is a pain in the ‘arris so I’m going to use RSA keys for the moment. Therefore, we need to create RSA keys for each of the hosts involved and compile a file of their public keys. So on each host, run

sudo plainrsa-gen -b 4096 -f /etc/racoon/certs/hostname.key

Note that on Ubuntu hosts the ‘certs’ subdirectory will need to be created first.

If you look at the contents of the hostname.key file you will see the public key on the top line, which is preceded with a hash. Create a file called public.keys and copy the public key of each host (minus the hash) into it so that it looks something like this

Here we have set rsasig to be the initial key authentication method for all hosts, and the encryption mechanisms for all hosts. Now, restart racoon and we are nearly there.

sudo service racoon restart

If you are running a firewall then you must remember to punch a hole in it for racoon, something like

sudo ufw allow to any port 500 proto udp from any

Having set up the host keys, and configured racoon to automatically exchange keys and set up the Security Associations, all that remains is to set the Security Policies. Edit the /etc/ipsec-tools.conf script to look like below, replacing your ip ranges as appropriate.

The policies shown here for both ipv4 and ipv6 are that any ip-packet to and from a host should be both encrypted (ESP) and authenticated (AH) if possible. You can up the policy from ‘use’ to ‘require’ but you may run into problems with non-IPsec hardware such as ADSL routers etc. which will be rejected by the policy.

Lastly, put the policies into effect

sudo /etc/ipsec-tools.conf
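
As an added example (not the author's own policy file), this shell function writes setkey policies of the kind described above: ESP and AH in transport mode, in both directions, for each address range, at either the ‘use’ or the ‘require’ level. The function name `emit_spd` and the two ranges are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit a setkey(8) policy script for one or more LAN ranges.
# LEVEL is "use" (IPsec when the peer can, cleartext otherwise) or "require"
# (traffic that cannot be protected is dropped, e.g. to a non-IPsec router).
emit_spd() {
    level=$1
    [ "$#" -gt 0 ] && shift
    case "$level" in
        use|require) ;;
        *) echo "level must be 'use' or 'require'" >&2; return 2 ;;
    esac
    [ "$#" -gt 0 ] || { echo "need at least one address range" >&2; return 2; }

    # Start from an empty SAD and SPD so stale entries cannot linger.
    printf '%s\n' '#!/usr/sbin/setkey -f' 'flush;' 'spdflush;'
    for prefix in "$@"; do
        for dir in out in; do
            # Transport mode: hosts on the same LAN talk directly, no tunnel.
            printf 'spdadd %s %s any -P %s ipsec\n' "$prefix" "$prefix" "$dir"
            printf '    esp/transport//%s\n' "$level"
            printf '    ah/transport//%s;\n' "$level"
        done
    done
}

# Constructed sample ranges: an RFC 1918 subnet and the IPv6 documentation prefix.
emit_spd use 192.168.1.0/24 2001:db8:1::/64
```

Redirect the output into the policy file on each host. Moving a range from `use` to `require` is only safe once every device in that range negotiates successfully.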

Testing it out

Start a tcpdump session on a terminal on one of the IPsec enabled hosts

Conclusion

So it takes just a few minutes for Linux hosts to start talking to each other with IPsec, although it strikes me as complete overkill for a home LAN. But at least I can do it if I want to.

RSA keys are a bit less of a pain than pre-shared keys when you have a handful of hosts, but would be very difficult to maintain on a larger network. And Windows does not support them. Pre-shared keys would be fine for a tunnel.

In the next installment, I shall move to a CA scheme instead of RSA, and hook up the Windows client.

streaming multiple DAB channels from an RPi
http://www.giric.com/2013/03/streaming-multiple-dab-channels-from-an-rpi/
Mon, 25 Mar 2013 17:18:08 +0000

There are any number of ways to listen to BBC radio over the web. You can use iPlayer for live and catchup, or you can stream to a client using one of the many published urls.

But to save my bandwidth I decided to stream the BBC’s DAB over my local network using a spare DVB-T USB stick. Although I used a Raspberry Pi for the guide, it would work equally well with any modern Linux distro.

Throughout this guide my RPi has a hostname of ‘raspberry’: replace this with your own hostname or ip address as appropriate.

Configure the receiver

This really couldn’t be easier with a modern distro like Raspbian. Plug in the USB stick (I used a KWorld USB DVB-T TV Stick II (VS-DVB-T 395U)) and find out the usb vendor and device ID.

You can see the chip on the DVB-T stick has been identified as an Afatech with a vendor id of 1b80 and a device ID of e39b. Look up the support status of your stick at linuxtv, and follow the link to find the extracted firmware for your device. Download the firmware to the /lib/firmware directory.

cd /lib/firmware
sudo wget firmware_url_from_linuxtv

You will need to unplug and replug the USB (or reboot if you wish) for the firmware to be loaded. Finally, we need to install some dvb tools, and scan for the DAB channels.

sudo apt-get install dvb-apps

will install a number of tools, but we shall only need ‘scan’. You also need to know which transmitter serves your area (I’m on Winter Hill) which you can find out here. Run the following command, replacing Winter Hill with your own transmitter, which creates a file of the channels which your DVB-T is actually receiving.

scan -x 0 /usr/share/dvb/dvb-t/uk-WinterHill > channels.conf

And have a look at the contents

BBC Radio 1:801833000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_2_3:FEC_1_2:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_32:HIERARCHY_NONE:0:1002:6720
BBC Radio 2:801833000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_2_3:FEC_1_2:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_32:HIERARCHY_NONE:0:1102:6784
BBC Radio 3:801833000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_2_3:FEC_1_2:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_32:HIERARCHY_NONE:0:1202:6848
BBC Radio 4:801833000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_2_3:FEC_1_2:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_32:HIERARCHY_NONE:0:1302:6912

You can see here that all the BBC radio stations are on the same multiplex, with a frequency of 801833000 Hz, and Radio 4 has a sid of 6912. There are a number of ways of streaming multiple channels from the same multiplex which we will now explore.

Streaming with VLC

VLC is the Swiss Army Knife of media players, and also streams media in any number of formats. First off, install vlc (I’m installing the cli only, hence the ‘No X’).

sudo apt-get install vlc-nox

As a simple test, run the following command on the RPi and it will stream BBC Radio 4 from your DVB-T stick. Remember to replace frequency and program with your own values from above.

and enjoy! There is a fairly easy way to stream two or more stations but it doesn’t seem to work on the current build. Additionally, initial playback seems very jerky while vlc reads the EPG.

Streaming with MuMuDVB

MuMuDVB is an easier way to stream multiple channels, and will actually multicast a whole multiplex onto the local network. Firstly, install the software, and add the server user to the ‘video’ group so it has appropriate permissions for the DVB card.

sudo apt-get install mumudvb
sudo adduser _mumudvb video

And create a config file (I’m using /etc/mumudvb/bbc.conf) with the following contents.

Some of these options need a little explanation. Multicast kills my local network due to my crappy consumer grade ADSL router, so you can see the switches to turn that off and turn unicast on instead. The freq is the frequency of the multiplex we want in MHz, not the Hz that we identified earlier. Finally, we want full autoconfiguration, including radios, but only to stream the listed channels (the sids of all the radio channels; Radio 4 is 6912 as before) as the RPi struggles to stream all the TV channels and I don’t need them.

Change the settings in /etc/default/mumudvb as follows (there are other options but they don’t need changing)

DONTSTARTMUMU=false
MUMUDVB_CONF_0="/etc/mumudvb/bbc.conf"

and start the service

sudo service mumudvb start

Then all you need to do is play your chosen channel. Visiting http://raspberry:4242/channels_list.html with your browser will show you the streaming channels and their links, but the general format is http://raspberry:4242/bysid/6912 (where 6912 is the channel sid, BBC Radio 4 in this case). So try

vlc http://raspberry:4242/bysid/6912

and you should be listening to Radio 4 DAB, streamed over your LAN by a Raspberry Pi.

Tethered shooting with Entangle
http://www.giric.com/2013/03/tethered-shooting-with-entangle/
Sun, 17 Mar 2013 19:20:56 +0000

I recently wrote about using gphoto2 to both set Owner and Copyright information on a DSLR, and using it for tethered shooting. For those of you who are averse to command lines, the very promising Entangle is now in Debian unstable.

It does everything I have previously written about and more. Not only can you shoot tethered and see your photos appear on screen, you can change all the camera settings from the GUI including aperture, shutter speed, ISO, camera mode, etc.

Furthermore, you can use it for remote shooting. Stick your camera on a tripod, and shoot away from the comfort of your laptop. Highly recommended.

Tethered shooting with gphoto2
http://www.giric.com/2013/03/tethered-shooting-with-gphoto2/
Tue, 12 Mar 2013 16:02:42 +0000

Tethered shooting with a DSLR (shooting directly to a connected computer via a USB cable) on Linux is very, very easy, assuming you have gphoto installed.

gphoto2 --capture-tethered

And start shooting away! However, I wanted to be a bit cleverer and improve my workflow slightly to overcome a few shortcomings. I wanted to:

Shoot raw

Display the last shot full-screen.

Not clobber existing files if I re-ran the tether.

It turns out that this is all easy to do with a small bash script and gphoto’s “hook” capabilities. I knocked up the following based upon the sample distributed with gphoto and called it hook.sh.

In simple terms, once gphoto has received an image from the tethered camera, the ‘download’ case of the hook script is called. If the image is a jpeg, Eye of Gnome is employed to display it full-screen. If it is a raw file (I have a Canon hence the CR2 mime type), the embedded jpeg is first extracted and displayed full-screen, then the most excellent ufraw is used to create a full size jpg copy.

Why are two jpgs created from the raw file? On my fairly slow laptop the conversion of a file to jpeg can take up to 30 seconds which I found frustratingly slow when shooting; the embedded jpeg has a higher resolution than my monitor and is quick to extract and display; the high-quality conversion can then take place in the background.

During my testing I discovered that Eye of Gnome sometimes reads the image before ufraw had finished writing it which resulted in some nasty displays. The quick and simple hack of creating the preview with a different name and replacing the displayed image is one of those things that ‘just works’.

All that is left is to tie it all up, and get gphoto to give the images timestamped names rather than sequential numbers. If you use the default filename you must remember to change folders before running the scripts again or you will clobber the existing files!

GIMP xcf file size reduction
http://www.giric.com/2013/02/gimp-xcf-file-size-reduction/
Thu, 21 Feb 2013 12:45:01 +0000

If you are a GIMP user you can end up with plenty of .xcf files. I do all my editing with xcfs after importing from RAW with the excellent ufraw-gimp plugin. But they can get pretty big…

Step forward bzip2. If you are running linux, you will already have bzip installed, and the bonus is that GIMP can read and write natively its xcf files compressed with bzip. There is a small performance hit on opening and saving files, but you can save 10-40% of file-size; that can easily be 40 MiB for a simple file with a couple of layers.

Of course, disk space is pretty cheap these days, but to my mind there is no point leaving uncompressed files around the place if they are unlikely to be used for a long time. So I run a little cron job to scan my home directory and bzip compress files with an xcf extension which have not been modified for a fortnight or more.

This runs the command at 5 minutes past 4 every morning, and compresses any file with a .xcf extension with bzip2, but only if it was last modified more than 14 days ago. Of course, your PC actually needs to be on at this time (unless you are running anacron or similar) for this to work.

Updating camera settings with gphoto2
http://www.giric.com/2013/02/updating-camera-settings-with-gphoto2/
Thu, 14 Feb 2013 15:12:51 +0000

gphoto2 is a cool little command line utility to remotely control many digital cameras and their settings. Grab it out of your repository, connect your camera by USB, turn on and enjoy.

Sometimes when you try to use gphoto2 you get an error message like this

*** Error ***
An error occurred in the io-library ('Could not lock the device'): Camera is already in use.
*** Error (-60: 'Could not lock the device') ***

which is probably because you’ve connected your camera with an SD/CF card in it. Fix it simply with

gvfs-mount -s gphoto2

or however you chose to unmount a remote drive.

All I wanted to do was check my shuttercount, but you can get a full list of your camera’s capabilities with the following command (yours will probably be different)

I thought I’d update the time on the camera whilst I was at it, so used this handy little shortcut.

gphoto2 --set-config datetime=`date +%s`

Depending on your model, you may be able to set copyright and ownername strings which the camera will automatically embed in EXIF for all photos taken: check what your camera supports as described above.

1&1 quietly enable ipv6
http://www.giric.com/2013/02/11-quietly-enable-ipv6/
Sun, 10 Feb 2013 20:00:16 +0000

I’ve been waiting for 1&1 to sort themselves out for ipv6, and now they’ve slipped some under the radar.

Their customer control panel (my.1and1.co.uk) has been ipv6 accessible for a couple of months, but now I find I can turn ipv6 on and off for my domains! Just go to the DNS settings for your domains and there it is – instant moderness (ha).

Now, if only they’d sort out their mail servers with ipv6 (and DKIM) I’d be a happy bunny.